Does anyone know of any recommendations regarding sizing of:
- AP subnets
- Client subnets
when designing Cisco wireless networks?
I've checked out the design guides and various FAQ's etc., but haven't come across anything obvious.
In the case of AP subnets, I wonder if there is a recommended point at which the number of APs in a subnet becomes too high. There must be a break-point where the level of broadcast traffic starts to have a negative impact on performance for all APs in the subnet. I often use an AP subnet range per switch stack or per floor, which seems to work fine, but may not be the best use of limited IP address space. But, would it really be advisable to create a 24-bit AP range and then put 250 APs into it?
The same question applies to client subnets. Again, if I have 500 users, I wouldn't usually create a single 23-bit subnet to accommodate them and then allow that single range to be assigned to a single SSID to cover a campus. Generally, I would use a number of ranges and use AP groups on an SSID to keep the broadcast domains down to reasonable sizes on the client side. Again, what is a 'reasonable' size (in terms of numbers of clients on a subnet)?
I'm guessing there are a lot of variables in here (for instance the levels & types of traffic). But, I would be interested to hear of any tried & tested (or Cisco recommended) rules of thumb.
Thanks in advance.
In larger environments I usually split everything up by either floor or closet and use /24 subnets; in smaller deployments I use either a /24 or, on rare occasions, a /22. Generally I separate the APs onto one VLAN/subnet, data users onto another, and voice users onto another. I am not aware of any best practices or rules of thumb, so to speak, specifically documented by Cisco.
In a Controller environment, broadcast forwarding is disabled by default, so client subnet size should not matter too much. In IOS, it does and broadcasts over wireless are a killer.
For APs, although there is a rule of thumb, as a TAC engineer I saw trouble in situations where 200 APs were in the same subnet. The problem is not that it's a hard limit. But if for some reason there is an ARP/broadcast storm, the APs will really suffer from that. So, out of experience, 100 APs in the same subnet was a nice limit.
But that's personal experience.
Please rate posts that you find useful.
Thanks for the information regarding AP subnet sizing - very useful!
With regards to the client subnets, I am interested to understand the broadcast side of things. Are you saying that a layer 2 broadcast (for instance an ARP broadcast from the client subnet default gateway) from the wired network will not be broadcast to all clients on a subnet?
How I understand ARP and the controller is that the ARP records for the wireless clients live on the WLC, which means there is no need for ARPing out to the wireless clients. In fact, if you look at the Controller tab on the WLC, at the bottom you will see ARP Timeout (seconds). This is the timeout for ARP entries in the WLC.
But I could be wrong ...
Indeed, the WLC acts as an ARP and DHCP proxy. So the WLC replies to the wired network on behalf of wireless clients and blocks broadcasts coming from the wired side.
Broadcasts from wireless clients are not sent to other wireless clients (by default).
It was a great question ... George Stefanick --- aka Wirelesssguru on Twitter ...
Leo ... It's a twitter thang ... You boys from down under would not understand ... LOL
LOL .... Yea, it looks nice, no ?
I have seen wireless client subnets with /20 without problems.
The built-in proxy ARP (as someone mentioned in this thread) limits the broadcast traffic, taking away some of the pain of having many clients in one big subnet.
However, given that 'VLAN select' has been introduced in 220.127.116.11, I would consider using that feature instead.
VLAN select lets you bind a number of /24s to the same SSID.
If needed, you can add more /24s to the interface group as the number of clients using the particular SSID increases.
In terms of the subnets where the APs are connected, I would stick with your classical /24 subnet plan.
If your infrastructure supports it, you could consider placing the AP LAN interfaces in a dedicated VRF.
Thereby you can make sure the control plane of the APs is not hit by a broadcast storm on the user segments.
But on the other hand, having the APs in a VRF may increase the operational complexity.
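To make the two sizing ideas in this thread concrete (the "about 100 APs per subnet" figure from the TAC engineer's post, and binding several /24s to one SSID with VLAN select rather than one large client subnet), here is a small planning script. It is an added example, not code from the thread, from Cisco, or from any WLC; the cap of 100 APs, the 70% DHCP utilisation target, the closet names and the address blocks are all assumptions chosen for illustration.

```python
import ipaddress
import math

# Planning parameters for this example (assumptions, not Cisco guidance):
AP_CAP_PER_SUBNET = 100          # experience-based ceiling quoted in the thread, not a hard limit
AP_SUBNET_PREFIX = 24            # one /24 per closet/floor, as several posters do
CLIENT_MEMBER_PREFIX = 24        # VLAN select: several /24 members bound to one SSID
CLIENT_TARGET_UTILISATION = 0.7  # leave DHCP headroom: plan for ~70% of usable addresses


def usable_hosts(prefix: int) -> int:
    """Usable IPv4 host addresses in a prefix (network and broadcast excluded)."""
    return ipaddress.ip_network(f"0.0.0.0/{prefix}").num_addresses - 2


def _take(pool, what: str):
    """Pull the next subnet from a generator, failing clearly when the block is exhausted."""
    try:
        return next(pool)
    except StopIteration:
        raise ValueError(f"address block exhausted while allocating {what}") from None


def plan_ap_subnets(closets: dict, block: str) -> list:
    """Carve AP subnets from `block`, one /24 per closet.

    A closet with more APs than AP_CAP_PER_SUBNET is split across several
    /24s so that no single AP broadcast domain exceeds the cap.
    Returns a list of (label, subnet, ap_count) tuples.
    """
    pool = ipaddress.ip_network(block).subnets(new_prefix=AP_SUBNET_PREFIX)
    plan = []
    for name, ap_count in closets.items():
        pieces = math.ceil(ap_count / AP_CAP_PER_SUBNET)
        base, extra = divmod(ap_count, pieces)
        for i in range(pieces):
            label = name if pieces == 1 else f"{name}-{i + 1}"
            share = base + (1 if i < extra else 0)   # spread the APs evenly across the pieces
            plan.append((label, _take(pool, label), share))
    return plan


def plan_client_group(ssid: str, peak_clients: int, block: str) -> dict:
    """Size a VLAN select interface group for one SSID.

    Instead of one /23 for 500 clients, work out how many /24 members are
    needed to hold `peak_clients` at CLIENT_TARGET_UTILISATION and carve
    them from `block`; more members can be added later as the SSID grows.
    """
    per_member = int(usable_hosts(CLIENT_MEMBER_PREFIX) * CLIENT_TARGET_UTILISATION)
    needed = math.ceil(peak_clients / per_member)
    pool = ipaddress.ip_network(block).subnets(new_prefix=CLIENT_MEMBER_PREFIX)
    members = [_take(pool, f"{ssid} member {i + 1}") for i in range(needed)]
    return {
        "ssid": ssid,
        "members": members,
        "clients_per_member_at_target": per_member,
        "capacity_at_target": needed * per_member,
    }


def largest_ap_domain(plan: list) -> int:
    """Largest AP count in any single subnet of a plan, i.e. what one storm would hit."""
    return max(ap_count for _, _, ap_count in plan)


if __name__ == "__main__":
    # Constructed inputs: three closets and an aggregate block for AP management.
    closets = {"Bldg-A-Fl1": 40, "Bldg-A-Fl2": 60, "Bldg-B-IDF": 150}
    ap_plan = plan_ap_subnets(closets, "10.10.0.0/22")
    for label, subnet, count in ap_plan:
        print(f"{label:14} {subnet}  {count} APs")
    print("largest AP broadcast domain:", largest_ap_domain(ap_plan))

    group = plan_client_group("corp-data", peak_clients=500, block="10.20.0.0/21")
    print(group["ssid"], "members:", ", ".join(map(str, group["members"])),
          "| capacity at target:", group["capacity_at_target"])
```

With the constructed inputs the 150-AP closet is split into two /24s of 75 APs each, so the whole /22 is used but no AP broadcast domain exceeds the cap, and the 500-client SSID ends up with three /24 members (531 addresses at the 70% target) instead of a single /23. The script only plans address space; the interface group itself is still created on the controller, and each member needs its own DHCP scope.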
I am told Cisco internally uses /22s, and I have heard from many people that larger subnets are OK. The thing is, if you firewall your wireless from wired, then more subnets means more ACLs!! I am considering /22s or, at the very smallest, multiple /23s using AP groups or VLAN select. Any thoughts? Please chime in more on the sizing you use in your organization.
We use /22 in production and /21 for guest.
Just to add in another consideration to this discussion, I'd like to throw in multicasting.
The main argument that underpins the sizing considerations discussed above is the fact that the WLC does not forward broadcasts to clients, allowing large subnets to be used with no issues.
However, with the growth of BYOD etc. recently, there is a growing demand for multicasting due to the services provided by Bonjour for Apple devices (e.g. Apple TV, AirPrint etc.).
I'd be interested to hear if anyone has any views on how the potential growth in multicast traffic for Bonjour services is going to impact client subnet sizing (if at all..?).
There is a great guide about Bonjour deployment from Cisco at: http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_tech_note09186a0080bb1d7c.shtml
I'm guessing that IGMP snooping should ensure that only clients that need to receive a multicast stream will get it. But, even so, I'm guessing this will have some detrimental impact as many clients on the same subnet may receive the same stream?
Anyone any useful input on this?
...interestingly, I just found the following information in the Cisco VoWLAN design guide document (http://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/vowlan/41dg/vowlan_ch8.html#wp1045638):
"The primary purpose of using AP Groups in this manner is to minimize the size of WLAN broadcast domains, or share WLAN client traffic across multiple VLANs. Another purpose is to have the WLAN subnet size fit a standard size used in the general campus design. Unless broadcast or multicast traffic has been enabled on the Cisco Unified Wireless Network, there is no need to minimize subnet size to control the WLAN broadcast domain because the Cisco Unified Wireless Network default prevents broadcast and multicast traffic from being sent over the WLAN. This allows all the clients on the same WLC's WLAN to be on the same subnet without broadcast/multicast domain issues."
So, maybe with the potential requirements for more multicast traffic, the VLAN Select option may be the better route to go..?